Security & Smart Card Forum Discussions
Browse the Community
OPTIGA™ Trust
High-end easy to use security solutions that provide an anchor of trust for your application, connecting IoT devices to the cloud, giving billons of device its own unique identity, pre-personalized turnkey solutions, zero-touch onboarding, high performance, ... We did not meet your expectations? Let us know!
OPTIGA™ TPM
OPTIGA™ TPM (Trusted Platform Module) offers a broad portfolio of standardized security controllers to protect the integrity and authenticity of embedded devices and systems. With a secured key store and support for a variety of encryption algorithms, OPTIGA™ TPM security chips provide robust protection for critical data and processes through their rich functionality. OPTIGA™ TPM security controllers are ideal for platforms running both Windows and Linux and its derivatives (SLB 9645 product versions for Chrome OS available). Based on Trusted Computing Group (TCG) standards, they support the TPM 1.2 or the latest innovative TPM 2.0 standard.
SECORA™ Blockchain
SECORA™ Blockchain is a fast, easy-to-use Java Card™ solution supporting best-in-class security for block chain system implementations. By providing a safe “vault” for user credentials, SECORA™ Blockchain can reduce the final user’s commercial risk and helps to increase trust in the block chain system.
CIPURSE™
Open, international standards such as CIPURSE™ are the best way to ensure interoperability across secured, cost-effective and flexible multi-applications schemes supporting fare collection. Infineon is the world’s first supplier of a complete CIPURSE™ certified product portfolio.
OPTIGA™ Connect
OPTIGA™ Connect is a family of turnkey eSIM security solutions for easy, flexible and secured cellular connectivity. They are optimized for specific requirements of industrial and IoT applications as well as those of consumer devices.<br> NOTE: We currently support only <b>OPTIGA™ Connect IoT</b> on this forum. For queries on OPTIGA™ Connect Consumer, please create a case at <a href="https://mycases.infineon.com/">https://mycases.infineon.com/</a>.
Featured Discussions
Hello guys,
I tried to use the infineon TPM utility to test TPM ( https://github.com/Infineon/eltt2?tab=readme-ov-file ),
based on Ubuntu: 22.04, kernel: 6.2.0-36-generic, but the test result is failed as below:
and I already checked kernel 5.15 is PASS, so could anybody know what's the problem on kernel 6.2 ?
smartconx_target@Q!w2e3r4t5y6u7i8o9p0||/t5/OPTIGA-TPM/Module-TPM-2-0-SLB-9670-XQ-2-0-used-the-infineon-TPM-utility-to-test-TPM-failed/td-p/706081
Show LessGood day,
I want to develop an application for an academic project, and I want to use the OPTIGA Trust M chip. However, I am considering implementing it with the WLC1115 chip as the transmitter. My question is whether it's possible to make this implementation and if the application I want to develop is feasible with these two chips.
Application: I want to authenticate the transmitter with the receiver in such a way that the receiver can only be used with that transmitter and vice versa.
I also want to know if I would need to implement the OPTIGA Trust M chip both in the Tx and Rx.
Thank you for your responses.
Show LessIs an Optiga TPM the recommended secure element for a TI based DSP system?
Does Infineon offer application notes or examples to avoid easy mis-steps when attempting to secure a DSP based system?
A helpful document on 'Open Source TPM Support' was helpful, but would prefer existing knowledge on this particular case if available. Reference https://www.infineon.com/dgdl/Linux%20and%20Open%20Source%20activities%20for%20Trusted%20Computing%20and%20TPM%20applications.pdf?fileId=db3a304412b407950112b4165abb2043
Greg
Show Lesssh write_default_shared_secret.sh
write_default_shared_secret.sh: 2: source: not found
rm: cannot remove '*.dat': No such file or directory
Generate default shared secret
Bypass Shielded Communication.
shm_open: Permission denied
Segmentation fault
for the attached links ( https://www.infineon.com/dgdl/Infineon-Customer_presentation_OPTIGA_TPM_SLB_9672-Presentations-v01_00-EN.pdf?fileId=8ac78c8c8afe5bd0018b180e3f2535ff ) & ( https://www.infineon.com/dgdl/Infineon-Customer_presentation_OPTIGA_TPM_SLB_9673-Presentations-v01_00-EN.pdf?fileId=8ac78c8c8afe5bd0018b18b4cb5c396a) , i need to know if all the series ( SLB 9670 & SLB 9672 & SLB 9673 ) have ( 2035 ) PLP or availability expected based on these links or not?
Show LessThis seems similar to some other threads I've found:
* https://community.infineon.com/t5/OPTIGA-TPM/SLB-9665TT2-0-SHA256-Linux-support/td-p/398514
* https://answers.microsoft.com/en-us/insider/forum/all/bug-of-the-bootloaderfwefi-the-new-version/e28b2930-2d17-4338-befe-6a787410d1d6
Platform is a Gigabyte z97x-ud3h motherboard with an updated bios with tpm2.0 support.
SLB9665 has been updated to TPM20_5.63.3353.0.
With hashpolicy set to sha1 in the uefi, everything works perfectly, except for the obvious issue that sha1 is being used.
When set to sha2, the uefi indeed populates sha256 banks 0-7 and 11. However, Windows 11 still tries to use the sha1 bank for some reason, which obviously does not work.
As suggested in the other thread, I was able to use pcr_allocate to configure only a sha256 bank. And yet, Windows still "uses" sha1, which again fails.
How can I further troubleshoot? Is there some variable that needs adjusting with the tpm?
Thanks
Show LessHello,
We are currently working on tpm2.0 for SLB9673 , as this is new to us we would like to know whether SLB9673 supports disk encryption.
If so, could you provide us a brief explanation about disk encryption process that is performed and the necessary steps/procedure that is to be followed to perform the same.
Thanks and Regards,
Mythreyi
Is SLB 9665TT2.0 compatible with ESXi version 8? The requirements are as follows:
- TPM 2.0
- SHA-256 hashing algorithm - SHA1 is not supported
- TIS/FIFO (First-In, First-Out) interface and not CRB (Command Response Buffer) - CRB is a no no according to VMWare docs.
Show Less